Skip to content

antoniu86/stego

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

17 Commits
cli
cli
 
 
docs
docs
 
 
gui
gui
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
install.sh
install.sh
 
 

Repository files navigation

stego

Hide encrypted data inside any file (image, video, PDF, etc.) using AES-256 encryption. Hidden data is appended to the carrier file — the file still opens normally.

Install the stego command (requires sudo)

Copies the scripts to /usr/local/share/stego/ and registers stego in /usr/local/bin/.

sudo bash install.sh

If stego is already installed the script will detect it and prompt you to update — just press Enter to confirm.

To uninstall:

sudo rm -rf /usr/local/share/stego
sudo rm -f /usr/local/bin/stego

Without installing (any user)

Run the CLI directly from the cli/ folder — no sudo needed.

# Install the only dependency
pip3 install cryptography

python3 cli/cli.py --help

Usage

Hide data

# Hide a single file
stego hide photo.jpg secret.txt -o hidden.jpg

# Hide an entire folder
stego hide photo.jpg secrets/ -o hidden.jpg

When no -p flag is given, you will be prompted to enter and confirm the password:

Enter encryption password:
Confirm encryption password:

Arguments:

Argument Description
carrier The file to use as carrier (image, video, PDF, etc.)
data File or folder to hide
-o FILE Output file (required)
-p PASSWORD Password (skips confirmation prompt — use with care)
-v Verbose output

Extract hidden data

stego show output.jpg -o recovered/

The output folder will contain:

recovered/
├── data/       ← your extracted files
└── original/   ← clean carrier file (no hidden data)

Options:

Flag Description
-o FOLDER Output folder (required)
-p PASSWORD Password (prompted if omitted)
-v Verbose output

Scan for hidden data

# Single file
stego scan photo.jpg

# Directory, recursive, verbose
stego scan ~/Downloads -r -v

Options:

Flag Description
-r Scan subdirectories recursively
-a Include hidden files (dotfiles)
-v Verbose output

Quick example

# Hide a file
stego hide photo.jpg secret.txt -o hidden.jpg

# Hide a folder
stego hide photo.jpg secrets/ -o hidden.jpg

# Verify
stego scan hidden.jpg

# Extract
stego show hidden.jpg -o recovered/

Important: do not modify the output file

Hidden data is appended after the carrier file's original bytes. Any operation that rewrites the file will destroy the hidden data.

Unsafe (destroys hidden data) Safe (preserves hidden data)
Opening in an image editor and saving Copying or moving the file (cp, mv)
Compressing or optimising the file Viewing without saving
Converting to another format Transferring via USB, SCP, rsync
Uploading to social media stego scan file to verify

Security notes

  • Encryption: AES-256-CBC
  • Key derivation: PBKDF2-HMAC-SHA256, 100 000 iterations, random 16-byte salt
  • Integrity: SHA-256 checksum verified on extraction
  • Hidden data is detectable with stego scan — this tool provides encryption, not invisibility
  • Never pass passwords on the command line in shared environments (use the prompt instead)

GUI — work in progress. A graphical interface is under development and will be available in a future release. See the gui/ folder.

About

A lightweight CLI tool that appends AES-256 encrypted data to any carrier file. Images, videos, and PDFs remain fully functional while hiding your secrets.

stego.tech/

Resources

Readme

License

GPL-3.0 license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages